Cybersecurity researchers have identified a large-scale password spraying campaign linked to Iran targeting Microsoft 365 accounts across multiple regions. The attacks primarily focused on organizations in Israel and the United Arab Emirates, with hundreds of organizations affected, along with additional targets in Europe, the United States, and Saudi Arabia.

Unlike traditional brute-force attacks, password spraying involves trying a small set of commonly used passwords across many accounts, making it harder to detect and increasing the chances of success. In this campaign, attackers conducted multiple waves of login attempts and used rotating IP addresses and VPN services to bypass security controls and avoid detection.

Once attackers gained valid credentials, they were able to access sensitive data such as emails and internal systems. The activity is believed to be مرتبط with broader geopolitical objectives, including intelligence gathering and surveillance.

This case highlights how effective simple identity-based attacks can still be. Organizations are strongly encouraged to enforce strong password policies, enable multi-factor authentication, and continuously monitor login activity to prevent unauthorized access.

source: https://thehackernews.com/2026/04/iran-linked-password-spraying-campaign.html